The latest version of Apple's macOS comes with more than just a slew of fancy new features.

Buried inside macOS 11.3, which was released Monday morning, is a patch that fixes a critical vulnerability that was actively being exploited. This means that, yes, hackers or criminals or governments around the world were using this previously unreported bug for their own malicious ends.

That's according to Patrick Wardle, creator of the Mac security website and tool suite . In a blog post timed to coincide with the release of macOS 11.3, Wardle explains just how serious the now-patched vulnerability is.

  1. Tenille Arts is celebrating a history-making No.1 single this week with her breakout hit, “Somebody Like That,” which has reached the top spot on the Mediabase/Country Aircheck.
  2. View Lab Report - 1.6Ex.Lab.sam from NT 1210 at ITT Tech. Samir Borrego, Robert Duncan, Brien Trinh, Julio Dominguez, Ricardo vilches, Shirly Mu, Gina Haden NT1210 Mr Jack Chang Tuesday morning.
  3. Cdotrends.com — The COVID-19 pandemic has challenged government agencies to collaborate, communicate, and innovate rapidly. As markets around the region begin to recover, government IT leaders who have become more adept at navigating the heightened expectations and increased demand for their digital services have a unique opportunity.
  4. Minimum system requirements call for Mac OS X v10.1.5 or Mac OS X v10.2.3 or later, including Mac OS X v10.3. A G3/350MHz or faster Mac is also required, along with 192MB RAM, 150MB hard disk.

'This bug trivially bypasses many core Apple security mechanisms, leaving Mac users at grave risk,' he writes.

If you can’t hear sound from your Mac speakers. First, make sure any volume controls in the app you’re using aren’t turned all the way down. Also, try playing a different audio file, CD, or DVD, or try playing the file or disc on another computer or media player to isolate the problem. Then, try the following solutions.

Worryingly, Wardle and Jamf, a company that makes Apple management software for enterprise customers, were able to detect real malware exploiting this bug in the wild.

We reached out to Apple to both confirm Wardle's report and that macOS 11.3 contains a patch for this specific vulnerability. An Apple spokesperson confirmed that the latest version of macOS does include a fix for the underlying issues.

Discovered and reportedby Cedric Owens, an offensive security researcher, the bug — a logic flaw — reportedly allows a bad actor to bypass Apple's File Quarantine and Notarization requirements. It also, according to Apple, allows malware to skip the display of the Gatekeeper dialogue box but not bypass XProtect, Gatekeeper's malware detection, itself.

Why is this such a big deal?

Morning (jack mordred) mac os download

'When a user downloads and opens an app, a plug-in, or an installer package from outside the App Store, Gatekeeper verifies that the software is from an identified developer, is notarized by Apple to be free of known malicious content, and hasn’t been altered,' explains an Apple support page. 'Gatekeeper also requests user approval before opening downloaded software for the first time to make sure the user hasn’t been tricked into running executable code they believed to simply be a data file.'

Presumably, then, this bug allows malware to skip that latter part of the Gatekeeper process.

In other words, bad actors are able to use this exploit to render many of the protective measures your computer takes to ensure downloaded files aren't malware useless.

Morning (Jack Mordred) Mac OS

Morning (jack Mordred) Mac Os Update

Wardle demonstrates what this looks like in practice with a quick proof-of-concept video. In the video, embedded below, he shows how a downloaded file — which, to the user, looks like a PDF file — launches the calculator app.

And while Mac users don't necessarily need to worry about their calculator apps, they should worry about supposed PDF files being able to launch random applications on their computers without a bunch of alarm bells going off.

A hacker, after all, won't be interested in simple addition and subtraction.

Instead, someone exploiting the vulnerability might be able to launch a hidden program that could be involved any number of worrisome activities — think ransomware, stealing credit card digits, or worse.

Wardle was quick to clarify that exploiting this bug requires a user to first click or download something. Still, that's only a partial assurance.

'The majority of Mac malware infections are a result of users (naively, or mistakenly) running something they should not,' explained Wardle over direct message. 'And while such infections, yes, do require user interaction, they are still massively successful. In fact the recently discovered Silver Sparrow malware, successfully infected over 30,000 Macs in a matter of weeks, even though such infections did require such user interactions.'

Morning (jack Mordred) Mac Os Catalina

Thankfully, macOS 11.3 contains a fix — a fact Wardle says he was able to verify by reverse-engineering the latest operating system. 'And good news,' writes Wardle on his blog, 'once patched macOS users should regain full protection.'

SEE ALSO: How to stop your cell provider from sharing (some of) your data

That's good news indeed.

Morning (jack Mordred) Mac Os Download

So go ahead and download macOS 11.3, and rest easy knowing that at least this specific Mac security problem has been fixed. Don't, however, throw all caution to the wind — please still think twice before downloading random files from the internet.

⇐ ⇐ Starglider Mac OS
⇒ ⇒ MIDNIGHT Remastered (itch) Mac OS